CLAIMS



We claim: 

1. A method for determining members of a group, comprising the steps of:

determining nested members of a first group; and 
reporting said nested members of said first group. 

2. A method according to claim 1, wherein:

said nested members include members of multiple levels of nested groups. 

3. A method according to claim 1, wherein: 

said step of determining nested members includes recursively determining 
members of group members. 

4. A method according to claim 1, wherein said step of determining 
nested members includes the steps of: 

determining all static group members of said first group; 

determining all static and dynamic members of said group members of said 
first group; 

determining all group members of said group members of said first group; and 
determining all static and dynamic members of said group members of said 
group members of said first group. 

5. A method according to claim 1, further comprising the steps of:
determining dynamic members of said first group; and 

reporting said dynamic members of said first group. 

6. A method according to claim 5, wherein: 

said first group and nested groups of said first group include rules defining 
criteria for being dynamic members. 

7. A method according to claim 6, wherein said step of determining
dynamic members includes the steps of: 

determining a normalized set of said rules; and 

determining which users are defined by said normalized set of said rules, said
users defined by said normalized set of said rules are said dynamic members of said 
first group. 

8. A method according to claim 5, further comprising the steps of: 
storing an identification of said nested members and said dynamic members in
one or more attributes of said first group; and

reporting said nested members and said dynamic members from said one or
more attributes of said first group, without repeating said steps of determining 
dynamic members and determining nested members, in response to a request for 
members of said first group. 

9. A method according to claim 5, further comprising the steps of: 
storing an identification of said nested members and said dynamic members in
a static member attribute of said first group; and

reporting said nested members and said dynamic members from said static
member attribute of said first group, without repeating said steps of determining 
dynamic members and determining nested members, in response to a request for 
members of said first group. 

10. A method according to claim 1, further comprising the steps of:
determining static members of said first group; 

determining dynamic members of said first group; and 

reporting said static members and said dynamic members of said first group. 

11. A method according to claim 10, wherein:

said nested members include members of multiple levels of nested groups; and 
said step of determining nested members includes recursively determining
members of group members. 

12. A method according to claim 11, wherein:

said first group and nested groups of said first group include rules defining
criteria for being dynamic members; and

said step of determining dynamic members includes determining a normalized
set of said rules and determining which users are defined by said normalized set of
said rules, said users defined by said normalized set of said rules are said dynamic
members of said first group.



13. A method according to claim 10, wherein: 

said nested members include members of multiple levels of nested groups; and 
said steps of determining nested members, determining static members and 
determining dynamic members are performed by an integrated identity and access
system. 

14. A method according to claim 13, wherein: 

said integrated identity and access system is capable of performing 
authorization services based on membership in said first group.



15. A method for identifying members of a group, comprising the steps of: 
determining dynamic members of a first group; 

storing an identification of each of said dynamic members of said first group; 
receiving a request to report members of said first group, said request is
received subsequent to said step of storing; and

reporting said dynamic members of said first group in response to said 
request, said reporting of said dynamic members is performed based on said stored 
identification of said dynamic members. 

16. A method according to claim 15, wherein: 
said first group includes one or more static members; 

an identification of each of said static members is stored in a static member
attribute for an identity profile of said first group; and 

said identification of each of said dynamic members is stored in said static 
member attribute for said identity profile of said first group. 

17. A method according to claim 15, wherein: 
said first group includes one or more static members; 

an identification of each of said static members is stored in a static member 
attribute for an identity profile of said first group; 

said identity profile of said first group also includes an expansion attribute;
and

said method can only be performed if said expansion attribute includes an 
appropriate value. 

18. A method according to claim 17, wherein:

said identity profile of said first group also includes a dynamic rule attribute 
which stores a rule that defines dynamic membership for said first group; and 

said method can only be performed for an entity having access to said 
expansion attribute and said dynamic rule attribute.

19. A method according to claim 15, wherein: 

said steps of determining and storing are automatically repeated. 

20. A method according to claim 15, wherein: 

said steps of determining, storing and receiving are performed by an integrated
identity and access system.

21. A method according to claim 20, wherein: 

said integrated identity and access system is capable of performing 
authorization services based on membership in said first group.

22. A method according to claim 15, further comprising the steps of:



Attorney Docket No.: OBLX-01028US0 Express Mail No. EL 897 525 589 US 

Z:\oblx\l 028\1 02S.app.doc 




determining nested members of said first group; and 

storing an identification of each of said nested members of said first group, 
said step of reporting includes reporting said nested members based on said stored 
identification of said nested members. 

23. A method according to claim 22, wherein: 

said nested members include members of multiple levels of nested groups. 

24. A method according to claim 22, wherein: 

said step of determining nested members includes recursively determining
members of group members.

25. A method according to claim 22, wherein: 

said first group includes one or more static members; and 
said step of reporting includes reporting said static members.

26. A method according to claim 15, wherein said step of determining 
nested members includes the steps of: 

determining all static group members of said first group; 

determining all static and dynamic members of said static group members of
said first group;

determining all static group members of said static group members of said first 
group; and 

determining all members of said static group members of said static group 
members of said first group.

27. A method according to claim 15, wherein: 

said first group and nested groups of said first group include rules defining 
criteria for being dynamic members; and 

said step of determining dynamic members includes the steps of determining a
normalized set of said rules and determining which users are defined by said
normalized set of said rules, said users defined by said normalized set of said rules are
said dynamic members of said first group.

28. A method according to claim 15, wherein:

said first group includes one or more static members; and 
said step of reporting includes reporting said static members.

29. One or more processor readable storage devices having processor 
readable code embodied on said processor readable storage devices, said processor 
readable code for programming one or more processors to perform a method
comprising the steps of:

determining nested members of a first group; and 
reporting said nested members of said first group. 

30. One or more processor readable storage devices according to claim 29, 
wherein:

said nested members include members of multiple levels of nested groups. 

31. One or more processor readable storage devices according to claim 29,
wherein: 

said step of determining nested members includes recursively determining
members of group members.

32. One or more processor readable storage devices according to claim 29, 
wherein said method further comprises the steps of:

determining static members of said first group;

determining dynamic members of said first group; and 

reporting said static members and said dynamic members of said first group. 

33. One or more processor readable storage devices according to claim 32, 
wherein:

said nested members include members of multiple levels of nested groups; 
said step of determining nested members includes recursively determining 
members of group members;

said first group and nested groups of said first group include rules defining 
criteria for being dynamic members; and 

said step of determining dynamic members includes determining a normalized 
set of said rules and determining which users are defined by said normalized set of 
said rules, said users defined by said normalized set of said rules are said dynamic 
members of said first group. 

34. One or more processor readable storage devices according to claim 32, 
wherein: 

said nested members include members of multiple levels of nested groups; and 
said steps of determining nested members, determining static members and 

determining dynamic members are performed by an integrated identity and access
system.

35. One or more processor readable storage devices having processor 
readable code embodied on said processor readable storage devices, said processor 
readable code for programming one or more processors to perform a method 
comprising the steps of: 

determining dynamic members of a first group; 

storing an identification of each of said dynamic members of said first group; 

and 

receiving a request to report members of said first group, said request is 
received subsequent to said step of storing; and 

reporting said dynamic members of said first group in response to said 
request, said reporting of said dynamic members is performed based on said stored 
identification of said dynamic members. 

36. One or more processor readable storage devices according to claim 35, 
wherein: 

said first group includes one or more static members; and 
said step of reporting includes reporting said static members. 

37. One or more processor readable storage devices according to claim 36,
wherein:

said steps of determining and storing are automatically repeated.

38. One or more processor readable storage devices according to claim 36, 
wherein: 

said steps of determining, storing and receiving are performed by an integrated 
identity and access system.

39. One or more processor readable storage devices according to claim 36, 
wherein said method further comprises the steps of: 

determining nested members of said first group, said nested members include 
members of multiple levels of nested groups; and

storing an identification of each of said nested members of said first group, 
said step of reporting includes reporting said nested members based on said stored 
identification of said nested members. 



40. An apparatus that can determine members of a group, comprising:

a communication interface; and 

one or more processor in communication with said communication interface, 
said one or more processor perform a method comprising the steps of: 
determining nested members of a first group, and 
reporting said nested members of said first group.

41. An apparatus according to claim 40, wherein:

said nested members include members of multiple levels of nested groups. 



42. An apparatus according to claim 41, wherein said method further
comprises the steps of:

determining static members of said first group;

determining dynamic members of said first group; and

reporting said static members and said dynamic members of said first group. 

43. An apparatus according to claim 42, wherein: 

said first group and nested groups of said first group include rules defining 
criteria for being dynamic members; and 

said step of determining dynamic members includes determining a normalized 
set of said rules and determining which users are defined by said normalized set of 
said rules, said users defined by said normalized set of said rules are said dynamic
members of said first group. 

44. An apparatus that can determine members of a group, comprising: 
a communication interface; and 

one or more processor in communication with said communication interface, 
said one or more processor perform a method comprising the steps of: 

determining dynamic members of a first group, said first group 
includes one or more static members, 

storing an identification of each of said dynamic members of said first
group, and

receiving a request to report members of said first group, said request 
is received subsequent to said step of storing, and 

reporting said static members and said dynamic members of said first 
group in response to said request, said reporting of said dynamic members is 
performed based on said stored identification of said dynamic members. 

45. An apparatus according to claim 44, wherein: 

said steps of determining and storing are automatically repeated. 

46. An apparatus according to claim 44, wherein: 

said steps of determining, storing and receiving are performed by an integrated 
identity and access system. 




47. An apparatus according to claim 44, wherein said method further 
comprises the steps of: 

determining nested members of said first group, said nested members include 
members of multiple levels of nested groups; and 

storing an identification of each of said nested members of said first group, 
said step of reporting includes reporting said nested members based on said stored 
identification of said nested members. 